article

Applying biometrics to design three-factor remote user authentication scheme with key agreement

Authors:

Caisen ChenAuthors Info & Claims

Security and Communication Networks, Volume 7, Issue 10

Pages 1488 - 1497

https://doi.org/10.1002/sec.767

Published: 01 October 2014 Publication History

Abstract

There are some biometrics-based three-factor remote user authentication schemes proposed by researchers for ensure high security features for network-based application systems. Recently, Das pointed out the security flaws of Li and Hwang's three-factor remote user authentication scheme, and proposed an enhanced biometrics-based three-factor remote user authentication scheme. Das's scheme overcomes the defects of Li and Hwang's scheme, and maintains the advantages of Li and Hwang's scheme at the same time. However, after detailed analysis, we find that Das's scheme remains vulnerable to forgery attack and stolen smart card attack; at the same time, Das's scheme cannot provide the session key agreement after the mutual authentication. To provide more security features, we design a three-factor remote user authentication scheme with key agreement using biometrics. Copyright © 2013 John Wiley & Sons, Ltd.

References

[1]

Lamport L. Password authentication with insecure communication. Communications of the ACM 1981; Volume 24 Issue 11: pp.770-772.

[2]

Chang C, Wu T. Remote password authentication with smart cards. IEE Proceedings - E Computers & Digital Techniques 1991; Volume 138 Issue 3: pp.165-168.

[3]

Haller NM. The S/Key TM one-time password system. In: Proceeding Internet Society Symposium on Network and Distributed System Security 1994; pp.151-158.

[4]

Wang S, Chang T. Smart card based secure password authentication scheme. Computers & Security 1996; Volume 15 Issue 3: pp.231-237.

[5]

Hwang MS, Li LH. A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 2000; Volume 46 Issue 1: pp.28-30.

[6]

ElGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 1985; Volume 32 Issue 1: pp.469-472.

Digital Library

[7]

Chan CK, Cheng LM. Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 2000; Volume 46 Issue 4: pp.992-993.

[8]

Chang CC, Hwang KF. Some forgery attacks on a remote user authentication scheme using smart cards. Informatica 2003; Volume 14 Issue 3: pp.289-294.

[9]

Yeh HT, Sun HM, Hsieh BT. Security of a remote user authentication scheme using smart cards. IEICE Transactions on Communications 2004; Volume E87-B Issue 1: pp.192-194.

[10]

Lee SW, Kim HS, Yoo KY. Efficient nonce-based remote user authentication scheme using smart cards. Applied Mathematics and Computation 2005; Volume 167 Issue 1: pp.355-361.

[11]

Kim SK, Chung MG. More secure remote user authentication scheme. Computer Communications 2009; Volume 32 Issue 6: pp.1018-1021.

[12]

Liu JY, Zhou AM, Gao MX. A new mutual authentication scheme based on nonce and smart cards. Computer Communications 2008; Volume 31 Issue 10: pp.2205-2209.

[13]

Shen JJ, Lin CW, Hwang MS. Security enhancement for the timestamp based password authentication scheme using smart cards. Computers & Security 2003; Volume 22 Issue 7: pp.591-595.

[14]

Sun HM. An efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 2000; Volume 46 Issue 4: pp.958-961.

[15]

Wu ST, Chieu BC. A user friendly remote authentication scheme with smart cards. Computers & Security 2003; Volume 22 Issue 6: pp.547-550.

[16]

Fan CI, Chan YC, Zhang ZK. Robust remote authentication scheme with smart cards. Computer & security 2005; Volume 24 Issue 8: pp.619-628.

[17]

Liao YP, Wang SS. A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 2009; Volume 31 Issue 1: pp.24-29.

[18]

Lin IC, Hwang MS, Li LH. A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems 2003; Volume 19 Issue 1: pp.13-22.

[19]

Lee JK, Ryu SR, Yoo KY. Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters 2002; Volume 38 Issue 12: pp.554-555.

[20]

Lin CH, Lai YY. A flexible biometrics remote user authentication scheme. Computer Standards & Interfaces 2004; Volume 27 Issue 1: pp.19-23.

[21]

Chang CC, Lin IC. Remarks on fingerprint-based remote user authentication scheme using smart cards. ACM SIGOPS Operating Systems Review 2004; Volume 38 Issue 4: pp.91-96.

[22]

Kim HS, Lee SW, Yoo KY. ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Operating Systems Review 2003; Volume 37 Issue 4: pp.32-41.

[23]

Scott M. Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Operating Systems Review 2004; Volume 38 Issue 2: pp.73-75.

[24]

Khan MK, Zhang JS. Improving the security of 'a flexible biometrics remote user authentication scheme'. Computer Standards & Interfaces 2007; Volume 29 Issue 1: pp.82-85.

[25]

Li CT, Hwang MS. An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications 2010; Volume 33 Issue 1: pp.1-5.

[26]

Schneier B. Applied Cryptography second edn. Wiley: New York, 1996.

[27]

Li X, Niu JW, Ma J, Wang WD, Liu CL. Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications 2011; Volume 34 Issue 1: pp.73-79.

[28]

Das AK. Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security 2011; Volume 5 Issue 3: pp.145-151.

[29]

Dodis Y, Reyzin L, Smith A. Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. Advances in Cryptology, Eurocrypt2004, LNCS 3027 2004; pp 523-540.

[30]

Kocher P, Jaffe J, Jun B. Differential power analysis. Proceeeding of Advances in Cryptology CRYPTO'99, LNCS 1666 1999; pp: 388-397.

[31]

Messergers TS, Dabbish EA, Sloan RH. Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computers 2002; Volume 5 Issue 5: pp.541-552.

Digital Library

[32]

Li X, Xiong YP, Ma J, Wang WD. An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications 2012; Volume 35 Issue 2: pp.763-769.

[33]

Li X, Ma J, Wang WD, Xiong YP, Zhang JS. A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. Mathematical and Computer Modelling 2012.

[34]

Sarkar P, Saha A. Security enhanced communication in wireless sensor networks using Reed-Muller codes and partially balanced incomplete block designs. Journal of Convergence 2011; Volume 2 Issue 1: pp.23-30.

[35]

Tseng FH, Chou LD, Chao HC. A survey of black hole attacks in wireless mobile ad hoc networks. Human-centric Computing and Information Sciences 2011; Volume 1: pp.4.

Cited By

Pursharthi KMishra D(2024)Post-quantum framework for authorized and secure communication in multi-server networkingTelecommunications Systems10.1007/s11235-024-01190-x87:2(403-418)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1007/s11235-024-01190-x
Kandar SGhosh A(2023)Smart Card Based Remote User Authentication Scheme in Multi-server Environment Using Chebyshev Chaotic MapWireless Personal Communications: An International Journal10.1007/s11277-024-10895-w133:4(2657-2685)Online publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1007/s11277-024-10895-w
Chen YChen J(2021)An efficient mutual authentication and key agreement scheme without password for wireless sensor networksThe Journal of Supercomputing10.1007/s11227-021-03820-677:12(13653-13675)Online publication date: 1-Dec-2021
https://dl.acm.org/doi/10.1007/s11227-021-03820-6
Show More Cited By

Applying biometrics to design three-factor remote user authentication scheme with key agreement
1. Security and privacy
  1. Security services

Recommendations

Secure remote user authentication scheme using bilinear pairings
WISTP'07: Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems

In 2006, Das et al. proposed a remote user authentication scheme using the properties of bilinear pairings. The current paper, however, demonstrates that Das et al.'s scheme is still vulnerable to an impersonation attack and an off-line password ...
Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards

Recently, Li and Hwang proposed a biometrics-based remote user authentication scheme using smart cards [Journal of Network and Computer Applications 33 (2010) 1-5]. The scheme is based on biometrics verification, smart card and one-way hash function, ...
Robust three-factor remote user authentication scheme with key agreement for multimedia systems

As the fast growth of multimedia information, the security of multimedia systems is becoming a rather important topic nowadays. Multimedia systems are often suffering attacks when users access the information and online services. Because of the ...

Comments

Information & Contributors

Information

Published In

cover image Security and Communication Networks

Security and Communication Networks Volume 7, Issue 10

October 2014

202 pages

ISSN:1939-0114

EISSN:1939-0122

Issue’s Table of Contents

Publisher

John Wiley & Sons, Inc.

United States

Publication History

Published: 01 October 2014

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

31
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 17 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Pursharthi KMishra D(2024)Post-quantum framework for authorized and secure communication in multi-server networkingTelecommunications Systems10.1007/s11235-024-01190-x87:2(403-418)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1007/s11235-024-01190-x
Kandar SGhosh A(2023)Smart Card Based Remote User Authentication Scheme in Multi-server Environment Using Chebyshev Chaotic MapWireless Personal Communications: An International Journal10.1007/s11277-024-10895-w133:4(2657-2685)Online publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1007/s11277-024-10895-w
Chen YChen J(2021)An efficient mutual authentication and key agreement scheme without password for wireless sensor networksThe Journal of Supercomputing10.1007/s11227-021-03820-677:12(13653-13675)Online publication date: 1-Dec-2021
https://dl.acm.org/doi/10.1007/s11227-021-03820-6
Chen YChen J(2021)A secure three-factor-based authentication with key agreement protocol for e-Health cloudsThe Journal of Supercomputing10.1007/s11227-020-03395-877:4(3359-3380)Online publication date: 1-Apr-2021
https://dl.acm.org/doi/10.1007/s11227-020-03395-8
Chen YChen J(2021)Anonymous and provably secure authentication protocol using self-certified cryptography for wireless sensor networksMultimedia Tools and Applications10.1007/s11042-020-10259-z80:10(15291-15313)Online publication date: 1-Apr-2021
https://dl.acm.org/doi/10.1007/s11042-020-10259-z
Luo HWen GSu J(2020)Lightweight three factor scheme for real-time data access in wireless sensor networksWireless Networks10.1007/s11276-018-1841-x26:2(955-970)Online publication date: 1-Feb-2020
https://dl.acm.org/doi/10.1007/s11276-018-1841-x
Wang CHsu K(2019)Enhancing Biometric and Mutual Verification in Multi-server Three-factor User Remote Authentication Scheme with Elliptic Curve CryptographyProceedings of the 7th International Conference on Communications and Broadband Networking10.1145/3330180.3330188(46-52)Online publication date: 12-Apr-2019
https://dl.acm.org/doi/10.1145/3330180.3330188
(2018)A novel biometric-based password authentication scheme for client-server environment using ECC and fuzzy extractorInternational Journal of Ad Hoc and Ubiquitous Computing10.1504/IJAHUC.2018.08958327:2(138-155)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1504/IJAHUC.2018.089583
Ferrag MMaglaras LArgyriou AKosmanos DJanicke H(2018)Security for 4G and 5G cellular networksJournal of Network and Computer Applications10.1016/j.jnca.2017.10.017101:C(55-82)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1016/j.jnca.2017.10.017
Shingala MPatel CDoshi N(2018)An Improve Three Factor Remote User Authentication Scheme Using Smart CardWireless Personal Communications: An International Journal10.1007/s11277-017-5055-999:1(227-251)Online publication date: 1-Mar-2018
https://dl.acm.org/doi/10.1007/s11277-017-5055-9
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents